Privacy Policy

2.1 Account Information

When you create an account with Kliovo, we collect the following personal and business information:

• Full name and job title
• Email address
• Phone number
• Business name and legal entity name
• Business address
• Industry and business category
• Company website URL

2.2 WhatsApp Business Account Data

To connect your WhatsApp Business Account to our platform, we collect and process:

• WhatsApp Business Account (WABA) ID
• Phone number(s) registered with your WABA
• Display name associated with your WhatsApp business profile
• Business verification status with Meta
• Quality rating and messaging tier information
• Message template submissions and approval statuses

2.3 Message Data

When you use our Service to communicate with your customers via the WhatsApp Business API, we process the following message data:

• Message content (text, images, documents, videos, audio, location, and other media types supported by the WhatsApp Business API)
• Message templates and template parameters
• Delivery receipts, read receipts, and message status updates
• Timestamps of sent and received messages
• Sender and recipient phone numbers
• Conversation metadata (session type, conversation category)

2.4 Usage Data

We automatically collect certain technical and usage information when you access and use our Service:

• Login times and session duration
• Features and pages accessed within the platform
• IP address and approximate geolocation
• Browser type, version, and language settings
• Device type, operating system, and screen resolution
• Referring URLs and exit pages
• Actions taken within the platform (e.g., creating templates, configuring automations)

2.5 Payment Information

When you subscribe to a paid plan or make purchases through our Service, we collect billing-related information:

• Billing name and address
• Payment method type (e.g., credit card, bank transfer)
• Transaction history and invoice records
• Subscription plan details and renewal dates

2.6 Contact Lists

When you use our Service to manage customer communications, we may process:

• Customer phone numbers uploaded to or collected through the platform
• Customer names and any labels or tags you assign
• Opt-in and opt-out status for WhatsApp communications
• Custom attributes you associate with your contacts
• Conversation history linked to individual contacts

2.7 Shopify, Commerce Integrations, and Store Data

When a business customer connects a Shopify store or another commerce platform to Kliovo, we process store data only to provide the features enabled by that customer. This may include the following categories of data:

• Store identifiers, store domain, account or workspace metadata, access tokens, and authorization metadata.
• Products, variants, inventory metadata, and related catalog records made available by the connected platform.
• Orders, order line items, fulfillment and shipment status, order notes, tracking numbers, and payment method labels.
• Customer contact details, billing addresses, shipping addresses, order history, and abandoned checkout or cart recovery data made available by the merchant's connected platform.
• Webhook payloads, connection diagnostics, sync logs, import history, and API error logs.

2.8 Protected Customer Data

Some Kliovo Shop features require access to protected customer data such as names, email addresses, phone numbers, shipping addresses, billing addresses, order history, and abandoned checkout details. We request and use this data only to provide merchant-facing commerce operations, customer support, order management, fulfillment, reporting, and cart recovery features. Access is limited by tenant isolation, role-based permissions, and operational safeguards.

• We do not sell Shopify customer data.
• We do not use Shopify customer data for cross-context behavioral advertising.
• We do not use Shopify customer data to build advertising profiles.

4.1 Kliovo as a Data Processor and Service Provider

Kliovo operates as a technology service provider and data processor on behalf of its business clients ("Controllers"). Our business clients — the companies and individuals who subscribe to Kliovo — are the data controllers who determine the purposes and means of processing their end customers' personal data. Kliovo processes that data solely on their behalf and under their instructions, in accordance with our Data Processing Agreement (DPA). To deliver the WhatsApp messaging service, Kliovo shares necessary data — including message content, sender/recipient phone numbers, and business account details — with Meta Platforms, Inc. via the official WhatsApp Business API. This sharing is strictly for the purpose of routing, delivering, and managing WhatsApp communications on behalf of our business clients.

4.2 Compliance with Meta Policies

We strictly comply with the following Meta policies and terms:

• Meta Platform Terms of Service
• WhatsApp Business Messaging Policy
• WhatsApp Commerce Policy
• Meta Data Use Policy
• WhatsApp Business Solution Provider Terms

4.3 Message Content Usage

Message content processed through our platform is used solely to deliver the Service. Specifically:

• Message content is not used for advertising or ad-targeting purposes
• We do not sell message content to third parties
• We do not use message content to build advertising profiles
• Message content is processed and stored only as necessary to deliver messages, provide customer support, and maintain service reliability

4.4 Conversation Data Retention

Conversation data is retained in accordance with the data retention periods described in Section 8 of this Policy. Messages are stored on our secure servers to enable you to access conversation history within the platform. When you delete your account, conversation data is permanently removed in accordance with our retention schedule.

5.1 Data Collected by the App

The Kliovo Chat Android app collects the following data to provide its core functionality:

• Email address — used for account authentication and login
• Full name — used to identify you within your team's shared inbox
• WhatsApp message content (business communications only) — displayed within the app so you can view and respond to customer conversations
• Device push notification token — generated by Firebase Cloud Messaging (FCM) and used solely to deliver real-time alerts for new messages and escalations

5.2 Purpose of Collection

Each data type collected by the app serves a specific purpose:

• Authentication — your email and name are used to securely log you into your Kliovo account
• Conversation display — message content is retrieved from Kliovo servers to render your business inbox within the app
• Push notifications — your device token is sent to our servers and passed to Firebase Cloud Messaging to deliver alerts when new messages arrive or a conversation is escalated to you

5.3 Data Storage

All data accessed through the app is stored on Kliovo servers. Data is encrypted in transit via HTTPS/TLS 1.3. No message content or account data is stored locally on your device beyond active session memory. Your device push notification token is stored on our servers only for as long as your account is active and is deleted upon account termination.

5.4 Third-Party Services — Firebase Cloud Messaging

The app uses Firebase Cloud Messaging (FCM), a service provided by Google LLC, to deliver push notifications. Your device push notification token is shared with FCM solely for this purpose. FCM does not have access to your message content. FCM's handling of this data is governed by Google's Privacy Policy, available at https://policies.google.com/privacy. We do not use FCM for advertising or analytics purposes.

5.5 Data Deletion — Account and App Data Removal

You have the right to request deletion of your account and all associated data at any time. To delete your account and data:

• In-app: Navigate to chat.kliovo.com/settings/account and select 'Delete Account'
• By email: Send a deletion request to [email protected] from your registered email address
• Upon receiving a verified deletion request, we will permanently remove your account data, message history, and device token within 30 days in accordance with Section 8 of this Policy

5.6 No Sale of Data

Message content, device tokens, and any other data collected through the Kliovo Chat app are never sold, rented, or shared with third parties for advertising, profiling, or any commercial purpose beyond what is described in this section.

6.1 Meta / WhatsApp

We share data with Meta Platforms, Inc. as required for the operation of the WhatsApp Business API. This includes message content, sender and recipient information, and business account details necessary to process and deliver WhatsApp messages.

6.2 Connected Commerce and Logistics Platforms

Where you choose to connect a third-party platform or service to Kliovo, we may receive data from and transmit data to that platform or service in order to provide the requested functionality. These services may include Shopify, WooCommerce, courier providers, payment processors, and similar integrations designated by you. We access and process only the data needed to provide the features you enable, such as store connection, product and order syncing, fulfillment updates, tracking, reporting, automation, and privacy-request handling. Kliovo receives Shopify mandatory privacy webhooks for customers/data_request, customers/redact, and shop/redact and processes verified requests to locate, summarize, delete, anonymize, or deactivate Shopify-origin data as required by the request type and applicable retention obligations.

6.3 Payment Processors

We share billing information with third-party payment processors (such as Stripe) to process payments for our Service. These processors handle your payment card details directly and are bound by PCI DSS compliance requirements. We do not store your full credit card numbers on our servers.

6.4 Cloud Infrastructure Providers

We use reputable cloud infrastructure providers to host and operate our Service. These providers process data on our behalf and are contractually obligated to protect your data in accordance with this Policy and applicable data protection laws.

6.5 Analytics Providers

We may share anonymized and aggregated usage data with analytics providers to help us understand how the Service is used and to improve our platform. This data does not identify individual users.

6.6 Legal Requirements

We may disclose your information if required to do so by law or in response to valid legal process, including:

• Court orders and subpoenas
• Requests from law enforcement or government agencies
• Legal proceedings to protect our rights, privacy, safety, or property
• Situations involving potential threats to the physical safety of any person
• Prevention of fraud or other illegal activities

6.7 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Service of any change in ownership or uses of your personal information.

8.1 Account Data

Your account information is retained for as long as your account remains active. If you choose to close your account, we will delete or anonymize your account data within 30 days, unless retention is required for legal or regulatory purposes.

8.2 Message Data

Conversation and message data is retained for the duration of your active subscription. Upon account deletion, message data is permanently removed from our production systems within 30 days. Residual copies in encrypted backups are purged within 90 days.

8.3 Usage and Analytics Data

Anonymized usage and analytics data may be retained indefinitely for product improvement and statistical analysis purposes. This data cannot be used to identify individual users.

8.4 Billing Records

Transaction and billing records are retained for a minimum of 7 years in accordance with applicable tax and financial regulations.

8.5 Backup Retention

Encrypted backups of production data are retained for up to 90 days and are automatically purged thereafter. Backups are stored in geographically separate locations for disaster recovery purposes.

8.6 Connected Store and Integration Data

Shopify-origin records are retained while the merchant account or store connection remains active and as needed to provide order, fulfillment, reporting, customer support, and compliance features. After a verified deletion, redact, uninstall, or account closure request, Kliovo deletes, anonymizes, or deactivates applicable Shopify-origin data within 30 days unless retention is required by law, security, fraud prevention, dispute resolution, or accounting obligations. Residual encrypted backups expire according to our backup retention schedule. When a merchant disconnects an integration or uninstalls the Kliovo app from a connected platform, we stop future syncing and deactivate the connection. Imported business records such as products, customers, and orders remain subject to the merchant's account lifecycle, workspace settings, and applicable legal obligations.

9.1 Exercising Your Rights

To exercise any of the above rights, please contact our Data Protection Officer at [email protected]. We will respond to your request within 30 days of receipt. In certain cases, we may need to verify your identity before processing your request. If your request is complex or you have made multiple requests, we may extend the response period by an additional 60 days, in which case we will notify you of the extension and the reasons for it.

9.2 Complaints

If you believe that your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement.

11.1 Essential Cookies

These cookies are strictly necessary for the operation of our Service. They enable core functionality such as user authentication, session management, and security features. You cannot opt out of essential cookies as they are required for the Service to function.

11.2 Analytics Cookies

We use analytics cookies to understand how visitors interact with our Service, including which pages are visited most frequently and how users navigate through the platform. This data is collected in aggregate form and does not identify individual users. You may opt out of analytics cookies through your browser settings or our cookie preferences panel.

11.3 Third-Party Cookies

Some third-party services integrated into our platform may set their own cookies. These are governed by the respective privacy policies of those third parties. We do not control the use of third-party cookies.

11.4 Managing Cookies

Most web browsers allow you to control cookies through their settings. You can set your browser to refuse all cookies, accept only certain cookies, or delete cookies that have already been set. Please note that disabling essential cookies may affect the functionality of the Service.

Categories of Personal Information Collected

We collect identifiers (name, email, phone number), commercial information (transaction history, subscription details), internet activity (usage data, browser type, IP address), geolocation data (approximate, from IP), and inferences drawn from the above categories. Please see Section 2 for full details.

Do Not Sell or Share My Personal Information

We do not sell your personal information to third parties for monetary compensation. We do not share your personal information with third parties for cross-context behavioral advertising purposes. Because we do not sell or share personal information in these ways, there is no need to submit an opt-out request. However, if you have questions about our data practices, please contact us at [email protected].

Your California Rights

• Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you over the past 12 months, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share your information.
• Right to Delete: You may request deletion of personal information we have collected from you, subject to certain exceptions permitted by law.
• Right to Correct: You may request correction of inaccurate personal information we maintain about you.
• Right to Limit Use of Sensitive Personal Information: To the extent we process sensitive personal information, you have the right to limit our use of it to what is necessary to provide the Service.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

How to Submit a Request

To exercise any of your California rights, please contact us at [email protected] with the subject line "California Privacy Request." You may also submit a request by mailing us at: Starlit Stockpile LLC, 5900 Balcones Drive, Suite 100, Austin, TX 78731. We will respond to verifiable requests within 45 days.

16.1 Web / In-App Deletion

Log in to your Kliovo account and navigate to chat.kliovo.com/settings/account. Select 'Delete Account' and confirm. Your data deletion will begin immediately and complete within 30 days.

16.2 Email Deletion Request

Send an email to [email protected] from your registered email address with the subject line 'Data Deletion Request'. Include your full name and the email address associated with your Kliovo account. We will confirm receipt within 48 hours and complete deletion within 30 days.

16.3 What Gets Deleted

• Your account credentials and profile information
• All WhatsApp message history and conversation data stored on Kliovo servers
• Contact lists and customer data you uploaded or collected through the platform
• Device push notification tokens (mobile app users)
• Billing history — note that transaction records may be retained for up to 7 years as required by applicable tax regulations
• Usage and analytics data associated with your account

16.4 Business Client Data

If you are a business client of Kliovo and wish to request deletion of data processed on behalf of your end customers, please submit a request to [email protected] referencing your account and the specific data subject(s). We will process such requests in accordance with our Data Processing Agreement and applicable law.